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DETAILED ACTION 

1 . Claims 1-30 are pending in this application 

Specification 

2. The disclosure is objected to because of the following informalities: 

I. [0048] line 4, "tier 3 switch 124" is not present in Fig. 1 . 

II. [0048] line 13, "docking port 125" is not present in Fig. 1. 



Claim Objections 

3. The following claims are objected to for lack of antecedent basis, 
a. Claim 3, recites the limitation "the network" in line 1 . 



4. Claims 17 and 20 are objected to because of the following informalities: 
a. Claim 17 on line 1, "A method as recited in claim 6, wherein each of the 
identified..." is missed label. For the purpose of examining this would be 
treated as "A method as recited in claim 16, wherein each of the identified...". 



b. Claim 20 on line 1, "A method as recited in claim 1, wherein in a first mode..." 
is missed label. For the purpose of examining this would be treated as "A 
method as recited in claim 10, wherein in a first mode...". 



Appropriate correction is required. 
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Claim Rejections - 35 USC §112 

5. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

6. Claims 3, 10, 12-13, 20, 30 are rejected under 35 USC 112, second paragraph 
as being indefinite for failing to particularly point out and distinct claim the subject matter 
which applicant regards as the invention. 

7. With regard to claim 3 on line 3 and claim 13 on line 3, the phrase "the network" 
is not clearly understood whether it is referring to the selected network or the IP 
network. 

8. With regard to claim 10 on lines 1 and 2, claim 20 on lines 1 and 2, and claim 30 
on lines 2 and 3, the phrase "the bandwidth of the network is substantially 
unaffected by the network virus/monitor sensor" is not clearly understood on how 
the sensing operation may/may not affect the bandwidth. 

9. With regard to claim 12 on line 2, the phrase "during an initialization phase" is not 
clearly understood whether it is referring to an initialization phase of the network 
virus/worm sensor or any other initialization phase. 
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Double Patenting 

10. The nonstatutory double patenting rejection is based on a judicially created 
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the 
unjustified or improper timewise extension of the "right to exclude" granted by a patent 
and to prevent possible harassment by multiple assignees. A nonstatutory 
obviousness-type double patenting rejection is appropriate where the conflicting claims 
are not identical, but at least one examined application claim is not patentably distinct 
from the reference claim(s) because the examined application claim is either anticipated 
by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 
F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 
USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 
1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 
F.2d 438, 164 USPQ 619 (CCPA 1970); and In re Thorington, 418 F.2d 528, 163 
USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) 
may be used to overcome an actual or provisional rejection based on a nonstatutory 
double patenting ground provided the conflicting application or patent either is shown to 
be commonly owned with this application, or claims an invention made as a result of 
activities undertaken within the scope of a joint research agreement. 

Effective January 1 , 1994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 
37 CFR 3.73(b). 



1 1 . Claims 20 and 30 of the instant application are provisionally rejected on the 

ground of nonstatutory obviousness-type double patenting as being unpatentable 
over claims 13 and 24 of copending Application No. 10/683579, hereafter "3579". 
Claims 1 3 and 24 of "3579" contain every element of claim 20 and 30 of the 
instant application. Claims 20 and 30 of the instant application; therefore are not 
patentably distinct from the copending application "3579". This is a provisional 
obviousness-type double patenting rejection because the conflicting claims have 



not in fact been patented. 
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Claim Rejections - 35 USC § 103 

12. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

13. Claims 1-6, 8, 10-16, 18, 20-26, 28, and 30 are rejected under 35 USC 103(a) as 
being unpatentable over Suuronen et al (US PGPub. No. 2003/0145228), hereafter 
"Suuronen" and in view of Douglas et al. (US Pat. No. 6269400), hereafter "Douglas". 

14. With regard to claim 1, Suuronen discloses a network virus defense system 
(Abstract), comprising: 

A network virus/worm sensor (Fig. 1 - item 14, 22, and 24, [0020] lines 1-16) 
operable in a number of modes arranged to detect a computer virus or a 
computer worm in the network ([0020] lines 1-16, first and second type of packet 
determines whether the instant packet would be passed directly to the 
destination or be forwarded to virus scan engine for further analysis; thus, it 
indicates that the firewall is operating in a number of modes). 
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However, Suuronen does not disclose a network virus sensor self registration 
module coupled to the network virus/worm sensor arranged to automatically self 
register the associated network virus/worm sensor. 

Douglas, on the other hand, discloses a network virus sensor self registration 
module coupled to the network virus/worm sensor (col. 3, lines 28-31 , HTTP 
server reads on self registration module) arranged to automatically self register 
the associated network virus/worm sensor (col. 4, lines 65-68). 



It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to modify Suuronen by the methods of self 
registration coupled to the network virus/worm sensor automatically self register 
the associated network virus/worm sensor as taught by Douglas in order to 
conduct automatically discovery and registration of available agents on a 
distributed network (Douglas, col. 2, lines 38-39). 

1 5. With regard to claim 1 1 , Suuronen discloses a network having a number of 
servers and associated client devices, a method of a network virus defense 
system (Abstract) that includes a network virus/worm sensor (Fig. 1 - item 14, 
22, and 24, [0020] lines 1-16) operable in a number of modes arranged to detect 
a computer virus or a computer worm in the network ([0020] lines 1-16, first and 
second type of packet determines whether the instant packet would be passed 
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directly to the destination or be forwarded to virus scan engine for further 
analysis; thus, it indicates that the firewall is operating in a number of modes). 

However, Suuronen does not disclose a method of automatically self registering 
the associated network virus/worm sensor by a network virus sensor self 
registration module coupled to the network virus/worm sensor. 

Douglas, on the other hand, discloses a method of automatically self registering 
the associated network virus/worm sensor by a network virus sensor self 
registration module (col. 4, lines 65-68) coupled to the network virus/worm 
sensor (col. 3, lines 28-31 , HTTP server reads on self registration module). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to modify Suuronen by the methods of self 
registration coupled to the network virus/worm sensor automatically self register 
the associated network virus/worm sensor as taught by Douglas in order to 
conduct automatically discovery and registration of available agents on a 
distributed network (Douglas, col. 2, lines 38-39). 

16. With regard to claim 21 , Suuronen discloses a network having a number of 

servers and associated client devices, a computer program product ([0007] line 
4) of a network virus defense system (Abstract) that includes a network 
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virus/worm sensor (Fig. 1 - item 14, 22, and 24, [0020] lines 1-16) operable in a 
number of modes arranged to detect a computer virus or a computer worm in the 
network ([0020] lines 1-16, firsthand second type of packet determines whether 
the instant packet would be passed directly to the destination or be forwarded to 
virus scan engine for further analysis; thus, it indicates that the firewall is 
operating in a number of modes). 

Computer readable medium for storing the computer code ([0007], line 4). 

However, Suuronen does not disclose computer code of automatically self 
registering the associated network virus/worm sensor by a network virus sensor 
self registration module coupled to the network virus/worm sensor. 

Douglas, on the other hand, discloses computer code for automatically self 
registering the associated network virus/worm sensor by a network virus sensor 
self registration module (col. 4, lines 65-68) coupled to the network virus/worm 
sensor (col. 3, lines 28-31 , HTTP server reads on self registration module). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to modify Suuronen by the methods of self 
registration coupled to the network virus/worm sensor automatically self register 
the associated network virus/worm sensor as taught by Douglas in order to 
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conduct automatically discovery and registration of available agents on a 
distributed network (Douglas, col. 2, lines 38-39). 

17. With regard to claims 2, 12, and 22, Suuronen discloses an initialization phase of 
the network virus/worm sensor ([0021] lines 14-15 dynamically updated with virus 
updates indicates the initialization phase). 

However, Suuronent does not disclose the network virus/worm self registration 
module collects selected network environmental information and network 
configuration information. 

Douglas, on the other hand, discloses disclose the network virus/worm self 
registration module collects selected network environmental information and 
network configuration information (col. 4, lines 61-64, host name and operating 
system indicate network environmental and configuration information). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to modify Suuronen by the methods of self 
registration coupled to the network virus/worm sensor automatically self register 
the associated network virus/worm sensor as taught by Douglas in order to 
conduct automatically discovery and registration of available agents on a 
distributed network (Douglas, col. 2, lines 38-39). 
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18. With regard to claims 3, 13, and 23, Suuronen discloses the network is an IP 
based type network ([0019], lines 4-5, TCP/IP protocol indicates the network is 
an IP based netwrok). However, Suuronen does not disclose the selected 
network environmental information includes an IP address for all of the relevant 
client devices included in the network. 

Douglas, on the other hand, discloses the selected network environmental 
information includes an IP address for all of the relevant client devices included 
in the network (col. 3, lines 61-64). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to modify Suuronen by including an IP address 
for all the relevant client devices included in the network, as taught by Douglas in 
order to conduct automatically discovery and registration of available agents on a 
distributed network (Douglas, col. 2, lines 38-39). 

19. With regard to claims 4, 14, and 24, Suuronen discloses the network virus/worm 
sensor (Fig. 1 - items 14, 22 and 24, [0020] lines 1-16). However, Suuronen 
does not disclose the network configuration information includes self 
configuration information related to an appropriate IP address for the network 
virus/worm sensor. 
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Douglas, on the other hand, discloses the network configuration information 
includes self configuration information related to an appropriate IP address for 
the network virus/worm sensor (col. 4, lines 61-64, host name indicates self 
configuration). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to modify Suuronen by including self 
configuration information related to an appropriate IP address for the network 
virus/worm sensor, as taught by Douglas in order to conduct automatically 
discovery and registration of available agents on a distributed network (Douglas, 
col. 2, lines 38-39) 

20. With regard to claims 5, 15, and 25, Suuronen does not discloses the network 
configuration information includes locations of all relevant server computers. 

Douglas, on the other hand, discloses the network configuration information 
includes locations of all relevant server computers (col. 3, lines 60-62, list of IP 
addresses indicates locations of all relevant server computers). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to modify Suuronen by including locations of all 
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relevant server computers as taught by Douglas in order to conduct automatically 
discovery and registration of available agents on a distributed network (Douglas, 
col. 2, lines 38-39) 

21 . With regard to claims 6, 16, and 26, Suuronen discloses selected ones of the 
relevant server computers (Fig. 1 , [0009] lines 1-5, a firewall and virus scanning 
engine indicates the selected relevant server computers) are identified as 
controllers (Fig. 1 items 14 and 16, [0020] the combination of the firewall and 
Packet Classification Database act as a traffic controller to determine which 
packets get transferred to the network and which packets get forwarded to the 
Virus Scanning Engine). 

22. With regard to claims 8, 18, 28, Suuronen discloses during the initialization 
phase ([0021] lines 14-15 dynamically updated with virus updates indicates the 
initialization phase), each of the rules engines (Fig. 1 items 22 and 24, virus 
scanning engine couple with virus detection database form rules engine to detect 
computer viruses and worms, [0021] lines 5-6) associated with each of the 
identified controllers (Fig. 1 items 14 and 16) are updated with a set of detection 
rules for detecting computer viruses and worms ([0021] lines 14-21). 

23. With regard to claims 10, 20, and 30, Suuronen discloses in a first mode the 
bandwidth of the network is substantially unaffected by the network virus/monitor 
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sensor ([0007] lines 5-10, [0020] lines 2-9 being able to process packets in real 
time would mean that the bandwidth is unaffected by this process) wherein when 
the network virus/worm sensor (Fig 1 items 22 and 24) detects a computer virus 
or a computer worm, the virus/worm sensor switches to a second mode ([0019], 
lines 27- 39, sending second type of packets to virus scanning engine indicates 
second mode) such that only those data packets infected by the computer virus 
are not returned to the network ([0021] lines 28-34, dropped data packets being 
received by Firewall indicates that infected packets are not returned to the 
network). 

.24. Claims 7, 17, 27, 9, 19, and 29 are rejected under 35 USC 103(a) as being 
unpatentable over Suuronen in view of Douglas, and further in view of White et al. 
("Anatomy of a Commercial-Grade Immune System, IBM Research White Paper, 1999, 
http://www.research.ibm.com/antivirus/SciPapers/White/Anatomy/Anatomy.PDF), 
hereafter "White" 

25. With regard to claims 7, 17, and 27, Suuronen discloses each of the identified 
controllers (Fig. 1 items 14 and 16) includes a rules engine used to store and 
source a plurality of detection rules for detecting computer viruses and worms 
(Fig. 1 items 22 and 24, virus scanning engine couple with virus detection 
database form rules engine to detect computer viruses and worms, [0021] lines 
5-6). 
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However, neither Suuronen nor Douglas discloses an outbreak prevention policy 
(OPP) distribution and execution engine that provides a set of anti-virus policies, 
protocols, and procedures suitable for use by a system administrator for both 
preventing viral outbreaks and repairing any subsequent damage caused by a 
viral outbreak. 

White, on the other hand, discloses an outbreak prevention policy (OPP) 
distribution and execution engine (Fig. 3, page 14, Supervisor, Gateways, and 
admin system indicates OPP distribution and execution engine) that provides a 
set of anti-virus policies (page 13, Cure Distribution section, second paragraph, 
lines 5-8, install the updated virus definition indicates antivirus policies), protocols 
(page 20, Classification section, first paragraph), and procedures (page 14, 
second paragraph, lines 4-12) suitable for use by a system administrator for both 
preventing viral outbreaks and repairing any subsequent damage caused by a 
viral outbreak (page 13, Cure distribution section, first paragraph and second 
paragraph lines 5-7). 

It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to modify methods of Suuronen and Douglas to 
incorporate an outbreak prevention policy (OPP) distribution and execution 
engine that provides a set of anti-virus policies, protocols, and procedures 
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suitable for use by a system administrator for both preventing viral outbreaks and 
repairing any subsequent damage caused by a viral outbreak, as taught by White 
in order to analyze most viruses automatically and with greater speed and 
precision (White, page 2, second paragraph, lines 5-6). 

26. With regard to claims 9, 19, and 29, Suuronen discloses during the initialization 
phase ([0021] lines 14-15 dynamically updated with virus updates indicates the 
initialization phase) of each of the identified controllers (Fig. 1 items 14 and 16). 

However, neither Suuronen nor Douglas discloses each of the outbreak 
prevention policy distribution and execution engines are updated with a set of 
anti-virus policies, a set of anti-virus protocols, and a set of anti-virus procedures. 

White, on the other hand, discloses each of the outbreak prevention policy 
distribution and execution engines (Fig. 3, page 14, Supervisor, Gateways, and 
admin system indicates OPP distribution and execution engine) are updated with 
set of anti-virus policies (page 13, Cure Distribution section, second paragraph, 
lines 5-8, install the updated virus definition indicates antivirus policies), protocols 
(page 20, Classification section, first paragraph), and procedures (page 14, 
second paragraph, lines 4-12). 
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It would have been obvious to one of the ordinary skill in the art at the time of the 
applicant's invention was made to modify methods of Suuronen and Douglas to 
update each of outbreak prevention policy (OPP) distribution and execution 
engine with a set of anti-virus policies, a set of anti-virus protocols, and a set of 
anti-virus procedures, as taught by White in order to analyze most viruses 
automatically and with greater speed and precision (White, page 2, second 
paragraph, lines 5-6). 

Conclusion 

27. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a. US PGPub No. 2006/0212572 to Afek et al. (Discloses screening first 
packet for any malicious signature. If found blocked the source address) 

b. US Pat. No. 671 1686 to Barrett (Discloses security management tool to 
gather system information). 

c. US Pat. No. 5920698 to Ben-Michael et al. (Discloses automatic detection 
by a port of the type of device connect to a network). 



d. 



US PGPub No. 2004/0139179 to Beyda (Discloses monitoring and 
automatically detect faulty network traffic routing conditions). 
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e. US PGPub No. 2004/01 391 96 to Butler et al. (Discloses releasing a 
reservation held by a host on a target device). 

28. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Khoi Nguyen whose telephone number is 570-270-1251 
The examiner can normally be reached on Mon-Fri (8:30 am - 5:00 pm est) 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO 
Customer Service Representative or access to the automated information system, call 
800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Khoi Nguyen 
Art Unit: 2132 
Date: 1/27/07 
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